A very brief report.
Hope it's helpful for others.
Last night I replaced our company's old Linux router with a new one running CentOS 7.
Today, I decided to change the standard listening port 22 to 4444.
changed to
systemctl stop sshd.service
and then
systemctl start sshd.service
Users started calling saying "No internet! No internet!"
systemctl status sshd.service showed that the ssh daemon failed and exited with a status code I didn't understand.
So the first hope was a simple cure by simple reboot; but, no go. Still no internet.
I tethered my notebook to my Android for internet access and found info about a command "semanage" to tell SELinux that the sshd service is now listening on a different port and that's okay. I tried the command and it's not found on my freshly updated CentOS 7 router.
So then I wanted to review the basic selinux settings and found the following in /etc/sysconfig/selinux:
Code:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
OK, supposedly permissive mode only casts out warnings but doesn't enforce/inhibit any daemons or services, right?
But sshd.service continued to fail and exit upon start and there was no internet access.
So, nothing to lose by trying:
Reboot.
All good.
Alternative sshd port setting allows connections on that destination port.
All users on the LAN regained access to the internet.
I haven't worked with SELinux enough to understand how to deploy it carefully while still allowing multiple services. Simply reporting the only way I found to use an alternate sshd port was to disable SELinux.
Cheers.
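
An added example, not part of the original post: a pre-restart check that compares the ports in sshd_config with the ports SELinux labels ssh_port_t and prints the semanage command still needed, so the port can be moved without disabling SELinux. It assumes semanage is installed (on CentOS 7 it ships in the policycoreutils-python package); the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify an sshd port against SELinux's ssh_port_t label
# before restarting sshd. Function names are hypothetical.

# Print the Port values from sshd_config text on stdin (22 if none is set).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Return 0 if tcp port $1 is listed under ssh_port_t in
# `semanage port -l` output read from stdin (handles "a, b" and "lo-hi").
port_labeled_ssh() {
    awk -v want="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1]; hi = (n == 2) ? r[2] : r[1]
                if (want + 0 >= lo + 0 && want + 0 <= hi + 0) ok = 1
            }
        }
        END { exit(ok ? 0 : 1) }'
}

# Print the commands still needed; no output means every port is labeled.
# $1 = sshd_config text, $2 = `semanage port -l` text
plan() {
    printf '%s\n' "$1" | sshd_ports | while read -r port; do
        if ! printf '%s\n' "$2" | port_labeled_ssh "$port"; then
            echo "semanage port -a -t ssh_port_t -p tcp $port"
        fi
    done
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONFIG='#Port 22
Port 4444
PermitRootLogin no'
SAMPLE_LABELS='smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      22'

plan "$SAMPLE_CONFIG" "$SAMPLE_LABELS"
```

On a live host the same check is `plan "$(cat /etc/ssh/sshd_config)" "$(semanage port -l)"`, run as root; `getenforce` shows the mode SELinux is actually running in, which can differ from the config file until the next reboot.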